Privacy Policy

1. PURPOSE AND SCOPE OF NOTICE

This Privacy Notice ("Notice") is intended to explain how your personal information will be handled by Team Tito Limited ("Tito" "we", "our" and "us") of Unit 2, 64 Dame Street, Dublin 2 and sets out the information including the personal information detailed below relating to you ("Personal Data") that will be collected and processed by Tito and/or on its behalf by its third party service providers in the context of your engagement with www.ti.to (the "Website") and the platform and services provided thereon (together the "Tito Services").

Tito provides an event management and ticketing platform to its customers ("Event Organisers") that facilitates administration and organisation of these events plus the promotion of the events to, and the purchase of tickets to these events by, potential and actual attendees ("Attendees"). In certain circumstances, Event Organisers may be the controller of certain Attendees' Personal Data. Attendees who are a customer of, or otherwise interact through the Tito Services with, any of our Event Organisers are asked to also read Section 10 of this Privacy Notice.

For the purposes of this Notice, the controller of your Personal Data is Tito. If you have any questions or concerns about this Notice, please contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at security@tito.io.

2. APPLICATION OF THIS NOTICE

IMPORTANT: Please note that this Notice, while intended to be as complete and accurate as reasonably possible, is not exhaustive and may be updated from time to time in accordance with Section 11 of this Notice.

This Notice applies to the way we collect and process your Personal Data. Personal Data will be collected and processed during the course of our relationship with you and for a period afterward as may be required by applicable law.

During the course of your dealings with us, we will collect Personal Data:

from you: for example when you communicate with us, sign-up to the Tito Services as an Event Organiser, work with us or supply us with services, when you supply Personal Data via our Website or through the Tito Services, submit an enquiry or request support or when you subscribe to or express an interest in any of our newsletters or mailing lists; and

from Event Organisers or other third party sources: for example when you are an attendee who expresses an interest in or purchases a ticket to an event promoted by an Event Organiser using the Tito Services, through software platforms we use for business processes, statutory and regulatory authorities, third party service providers and occasionally some additional sources.

3. WHAT PERSONAL DATA WE PROCESS

We may collect and process the following Personal Data:

Personal Information

This includes information such as your name, email address, company, phone number and your password.

Device Information

This includes information such as:
* your device type, operating system, browser, IP address and other information derived from cookies used on the Website. Please see our Cookie Policy for further information; and
* details of your visits to the Website such as traffic data, location data and the resources, advertisements and linked websites that you access through the Website.

Transactional History

This includes information about the date, time, value and number of transactions you make through the Tito Services.

Miscellaneous

This includes any other information which is provided to us by you or on your behalf.

4. WHY WE PROCESS YOUR PERSONAL DATA

The following table details the legal bases for which ("Legal Basis") and the reasons why ("Purposes") we collect, obtain and process your Personal Data:

It is necessary to process this Personal Data to enter into and perform our contract with you in relation to:

your use of the Tito Services as an Event Organiser; and

your use of the Website.

If you do not wish to provide us with your Personal Data for these purposes, we will not be able to enter into or perform our contract(s) with you and you will not be able to avail of the Tito Services.

Access to the Website

To provide you with access to the Website and to allow you to use the Website.

Providing the Tito Services

To determine, perform and execute the terms on which you will engage with us as an Event Organiser;

to ensure the smooth running of the Tito Services;

to process your payments, through our third party payment providers; and

to contact you in relation to any aspect of the Tito Services;

Customer Account

To create your account for you to use on the Website;

to process your actions through this account; and

to otherwise manage and administer your account.

Legitimate Interests

It is in our legitimate interests to collect and process your Personal Data for the purposes of improving and monitoring website efficiency, enhancing your use of the Website.

It is also necessary for the purposes of our legitimate interests to process your Personal Data to respond to any queries or requests submitted by you to us.

Before we process your Personal Data to pursue our legitimate interests for these purposes, we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms.

Improving Functionality and Efficiency

To monitor, test and improve the effectiveness of the Tito Services;

to monitor metrics such as total number of visitors, traffic data and demographic patterns on our Website; and

to ensure the content on the Website is presented in the most effective manner for you and your device.

Responding to Queries

To process and respond to any queries or requests you submit to us whether through the Website, by emailing us or otherwise; and

to seek your views on the Website and our services.

Customer Profiling

To build up a profile of you as a user of the Tito services, so that we can analyse and derive insights about who uses the Tito Services and how you use them.

News and Marketing

To send you a personal introduction email when you first sign up for the Tito Services;

to keep you updated with our news; and

to send you promotional and marketing material which we believe would be of use or interest to you.

Compliance with a Legal Obligation

We may process your Personal Data where it is necessary to comply with legal obligations to which we are subject.

To comply with our obligations under Irish and European law.

To Defend, Establish or be a Party to Legal Claims

We may process your Personal Data as necessary in order for us to establish, investigate, exercise or defend a legal claim to which you are a party.

To file legal proceedings;

to investigate, establish, exercise or defend a legal claim; and

to settle legal claims.

5. DISCLOSURE OF YOUR PERSONAL DATA

We may disclose some or all of the Personal Data we collect from and obtain about you to the following third parties:

Third Party Service Providers

We may share your Personal Data with the following third party service providers:

Amazon Web Services, who provide us with cloud storage;

Intercom, who provide us with customer relationship management, messaging and technical support services;

Hubspot, who provide us with analytics services that allow us to measure the effectiveness of articles, blog posts and marketing materials that we publish on our Website;

Zymplify, who provide us with analytics services that allow us to measure the effectiveness of articles, blog posts and marketing materials that we publish on our Website;

The list of third party service providers we use may change from time to time as we change or remove some of the providers listed above and/or put in place other providers to assist us in providing the Tito Services. We update our list of third party service providers on https://github.com/teamtito/tito-gdpr-compliance/blob/master/third-parties.md regularly and we would refer you to this as the most up-to-date source of information on our third party service providers.

Regulatory Authorities, Law Enforcement Agencies, Public Bodies and Other Third-Party Companies

To comply with any applicable legal obligation, court order, summons, search warrants, or any other legal or regulatory obligation or request to which Tito is or may become subject; and

to protect the rights, property or safety of Tito, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Other Recipients

We may share your Personal Data with other third parties as and when necessary, including:

prospective or actual buyers of Tito or our assets (to facilitate the acquisition of Tito or a substantial portion of Tito's assets by a third party);

external advisors such as our lawyers, accountants and auditors.

6. TITO TRANSFERS OF YOUR PERSONAL DATA

We store and process your Personal Data on servers located within the European Economic Area (the "EEA"). However, we may transfer your Personal Data outside the EEA where we engage with third party services providers. We only transfer your personal data outside the EEA where the European Commission has decided that the third country in question ensures an adequate level of protection in line with EEA data protection standards or there are appropriate safeguards in place to protect your Personal Data. If you would like to find out more about the appropriate safeguards that we have in place to govern the transfer of your Personal Data you can contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at security@tito.io

Unfortunately, the transmission of information via the internet is not completely secure. Although we will always do our best to protect your Personal Data, we cannot guarantee the security of any information you transmit to us. Any transmission is at your own risk. Once we have received your information, we use strictly maintained physical, electronic and procedural safeguards to prevent unauthorised access.

We do not store or process any of your card or payment information. All payment information is processed by our trusted third party payment providers.

7. RETENTION OF YOUR PERSONAL DATA

In general, we expect to keep your Personal Data for as long as you use the Tito Services plus a period of up to 7 years thereafter. However we shall delete your IP address after 90 days. Please note that in certain circumstances, we may hold your personal data for a different period, for example, if we believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve or delete your Personal Data.

If you would like to know more about how long we will retain your Personal Data, please contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at security@tito.io.

8. HOW WE STORE AND SAFEGUARD YOUR PERSONAL DATA

We care about protecting your information. That's why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your Personal Data. We also have in place measures to deal with and respond to any suspected data breach.

We are committed to taking reasonable and appropriate steps to protect the Personal Data that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures.

9. YOUR RIGHTS AND HOW TO EXERCISE THEM

You have a number of rights in relation to your Personal Data, which are set out in this Section 9. Note that in certain circumstances these rights might not be absolute.

Right

Further Information

Right to be Informed

You have the right to know whether your Personal Data is being processed by us, how we use your Personal Data and your rights in relation to your Personal Data.

Right of Access

You have the right to request a copy of the Personal Data held by us about you and to access the information which we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.

Right to Rectification

You have the right to have any inaccurate Personal Data which we hold about you updated or corrected.

Right to Erasure

In certain circumstances, you may also have the Personal Data that we hold about you deleted, for example if you exercise your right to object and we do not have an overriding reason to process your Personal Data or if we no longer require your Personal Data for the purposes set out in this notice.

Right to Restriction of Processing

You have the right to ask us to restrict processing your Personal Data in certain cases, including if you believe that the Personal Data we hold about you is inaccurate or that our use of your Personal Data is unlawful. If you validly exercise this right, we will store your Personal Data and will not carry out any other processing on it until the issue is resolved.

Right to Data Portability

You may request us to provide you with your Personal Data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another controller where this is technically feasible.

This right only arises where we process your Personal Data on the legal basis of either your consent or where it is necessary to perform our contract with you and the processing is carried out by automated means.

Right to Object

You have a right to object at any time to the processing of your Personal Data where we process your Personal Data on the legal basis of pursuing our legitimate interests.

Please note you have the right to object to our processing of your Personal Data for the purposes of sending you marketing and news.

You can exercise any of these rights by submitting a request to our Data Protection Representative Cillian O’Ruanaidh who can be contacted at security@tito.io.

We will provide you with information on any action taken in relation to any of these rights upon your request without undue delay and at the latest within 1 month of receiving your request. We may extend this timeframe by one more month if necessary however we will inform you if this arises. Please note that we may ask you to verify your identity when you seek to exercise any of your data protection rights.

You also have the right to lodge a complaint with the Data Protection Commission. For further information see www.dataprotection.ie.

10. CONSUMERS OF OUR EVENT ORGANISERS

Tito provides a comprehensive event management platform through which Event Organisers reach out to, communicate with, and sell to Attendees.

Whenever Tito processes an Attendee's Personal Data on behalf of an Event Organiser, we are acting as a processor, and we therefore conduct such activities strictly in accordance with the instructions of that Event Organiser and pursuant to the contractual arrangements in place with them. If you are an Attendee with an existing relationship with one of our Event Organisers, you should refer to the Event Organiser's website or any terms provided by that Event Organiser to understand their privacy practices and policies. Where you, as an Attendee, would like to exercise your rights in relation to your Personal Data over which the Event Organiser is the controller, you should contact the Event Organiser with such requests. We will cooperate as appropriate with requests from our Event Organisers to assist with such requests.

11. CHANGES TO THIS NOTICE AND QUESTIONS

We may amend this Notice on occasion, in whole or in part, at our sole discretion. Any changes will be effective immediately upon communicating the revised Notice to you.

If at any time we decide to use your Personal Data in a manner significantly different from that stated in this Notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail, and you will have a choice as to whether or not we use your Personal Data in the new manner.

If you have any questions, comments or concerns about the way your Personal Data are being used or processed by Tito, please submit your question, comment or concern in writing to our Data Protection Representative Cillian O’Ruanaidh who can be contacted at security@tito.io.

Tito Security Policy

General Web Security

All Tito services that store data are hosted by Amazon Web Services, in Ireland.

All applications use SSL for HTTP transport, without support for compromised cryptographic mechanisms.

Outside access to services other than those hosted on port 80 and 443 are disabled. All insecure HTTP requests on port 80 are automatically redirected to HTTPS on port 443.

All passwords are stored in a one-way hash using strong (bcrypt) cryptography and multiple stretches.

Audit Policy

Tito will commission a detailed penetration test every 2 years, and an interim test every 6 months.

Breach Policy

In the event of a data breach, upon investigation, Tito will notify all individuals affected by the breach with:

details of what happened

personal information compromised

recommendations of a follow-on action

If there is evidence of a breach, all passwords will be reset, even those not specifically targetted by the breach.